<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet type='text/xsl' href='../../../assets/comments.xslt'?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:thr="http://purl.org/syndication/thread/1.0" xml:lang="de-DE">
  <title type="text">💬 <![CDATA['Http Signing']]></title>
  <subtitle type="text">Marcus Rohrmoser mobile Software</subtitle>
  <updated>2024-10-06T18:22:28+02:00</updated>
  <link rel="self" type="application/atom+xml" href="https://blog.mro.name/2024/10/http-signing/comments.xml"/>
  <id>https://blog.mro.name/2024/10/http-signing/comments.xml</id>
  <entry>
    <title>💬 <![CDATA['Http Request Signing']]></title>
    <author>
      <name><![CDATA[mro]]></name>
    </author>
    <id>https://blog.mro.name/2024/10/http-signing/comments.xml#c0</id>
    <updated>2024-10-07T10:50:50+02:00</updated>
    <content type="text"><![CDATA[I just was made aware of https://swicg.github.io/activitypub-http-signature again (thanks Johannes); they mention two usecases.
      
Both have nothing to do with transmission but legitimicy. As the sending server can lie at will, I am not convinced.

The linked https://arewehs2019yet.vpzom.click shows all the misery of the current state. Thanks @vpzom@greenish.red.]]></content>
    <thr:in-reply-to ref="https://blog.mro.name/2024/10/http-signing/" href="https://blog.mro.name/2024/10/http-signing/" type="text/html"/>
  </entry>
  <entry>
    <title>💬 <![CDATA['Http Request Signing']]></title>
    <author>
      <name><![CDATA[mro]]></name>
    </author>
    <id>https://blog.mro.name/2024/10/http-signing/comments.xml#c1</id>
    <updated>2024-10-08T09:26:16+02:00</updated>
    <content type="text"><![CDATA[Announced blogpost at https://lists.w3.org/Archives/Public/public-swicg/2024Oct/0010.html]]></content>
    <thr:in-reply-to ref="https://blog.mro.name/2024/10/http-signing/" href="https://blog.mro.name/2024/10/http-signing/" type="text/html"/>
  </entry>
  <entry>
    <title>💬 <![CDATA['Http Request Signing']]></title>
    <author>
      <name><![CDATA[mro]]></name>
    </author>
    <id>https://blog.mro.name/2024/10/http-signing/comments.xml#c2</id>
    <updated>2024-10-09T12:53:28+02:00</updated>
    <content type="text"><![CDATA[Announced also to the fediverse https://digitalcourage.social/@mro/113276955388352050]]></content>
    <thr:in-reply-to ref="https://blog.mro.name/2024/10/http-signing/" href="https://blog.mro.name/2024/10/http-signing/" type="text/html"/>
  </entry>
  <entry>
    <title>💬 <![CDATA['Http Request Signing']]></title>
    <author>
      <name><![CDATA[@django@social.coop]]></name>
    </author>
    <id>https://blog.mro.name/2024/10/http-signing/comments.xml#c3</id>
    <updated>2024-10-09T19:50:38+02:00</updated>
    <content type="text"><![CDATA[@mro@digitalcourage.social @j12t@j12t.social @w3c@w3c.social When a certain implementor wasn't convinced of its necessity I forged a message from their own account 🥸
      
https://mediaformat.org/2023/10/signature-verification-in-wordpress/

https://social.coop/@django/113278730846217623]]></content>
    <thr:in-reply-to ref="https://blog.mro.name/2024/10/http-signing/" href="https://blog.mro.name/2024/10/http-signing/" type="text/html"/>
  </entry>
</feed>
